Have something to say?

Ready to be published? LXer is read by around 350,000 individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

Debian alert: No w3m packages for powerpc available

In SNS Advisory No. 32 a buffer overflow vulnerability has been
reported in the routine which parses MIME headers that are returned
from web servers. A malicious web server administrator could exploit
this and let the client web browser execute arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 081-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 18th, 2001
- --------------------------------------------------------------------------
Packages : w3m, w3m-ssl
Vulnerability : Buffer Overflow
Problem-Type : remote code execution
Debian-specific: no
In SNS Advisory No. 32 a buffer overflow vulnerability has been
reported in the routine which parses MIME headers that are returned
from web servers. A malicious web server administrator could exploit
this and let the client web browser execute arbitrary code.
We are awfully sorry, but the powerpc version in our announcement DSA
081-1 was built on the wrong distribution (unstable instead of
stable), and thus depended on a wrong version of the glibc. We had to
remove that file and cannot provide a fixed version.
For the powerpc architecture there is only a very old version of w3m
available. We recommend that you don't use w3m on the powerpc
distribution. If you require a text browser please check out links
and lynx which are both good and stable.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7zuQoW5ql+IAeqTIRAsfAAJ4jHmz6YfaIYk5xF7NisUGRzMZAPwCfaOLr
D+NaZwivx+ZyBg4LBlhUm74=
=bWU9
-----END PGP SIGNATURE-----